Hack turns Cisco desk phones into remote listening devices

If you work in an office that uses one of the various Cisco branded IP phones, word has surface about a hack that might make you uncomfortable. Reports have indicated that Internet phones sold by Cisco Systems are vulnerable to hacks that can turn them into remote bugging devices allowing nefarious sorts to eavesdrop on calls and conversations close to the phone. Cisco warned about the flaw this week.

Cisco’s warning came after security experts demonstrated how people that have physical access to the phone could execute malicious code allowing eavesdropping. Cisco plans to release a software patch later this month to plug the security hole. The vulnerability has been confirmed to affect several models of desk phones in the CiscoUnified IP Phone 7900 series.

Cisco has also confirmed that the security vulnerability can be exploited remotely over a corporate network. However, Cisco has already issued workarounds that makes those attacks more difficult to execute. The security researchers who discovered the vulnerability are Ang Cui and Salvatore Solfo from Columbia University’s engineering department.

Details of the vulnerability were presented at the 29th Chaos Communications Congress. The hack was demonstrated using a device that connects to the local serial port of the Cisco phone. Once the device was attached to the phone it was able to inject attack code giving the attacker control over the device. The attack allows the hacker to monitor phone calls and turn on the phone’s microphone unbeknownst to people nearby. Cisco has promised to rewrite the underlying firmware to eliminate this vulnerability. Check out the video below to see the researchers outlining the hack.